Introduction to pxGrid 1.0

pxGrid 1.0 should no longer be used

Cisco Platform Exchange Grid (pxGrid) 1.0 is XMPP based and is developed using a pub/sub framework. Cisco pxGrid provides a unified framework enabling ecosystem partners to consume Cisco Identity Service Engine (ISE) contextual information from published topics of information. Developers desiring to integrate with pxGrid 1.0, require a SDK consisting of Grid Control Libraries (GCL), including Java and C Script samples.

Published topics includes:

SessionDirectory- which exposes the existing attributes in the ISE Session directory for pxGrid session objects:
Session State, IP Address, Username, User AD domain, MAC, NAS IP Address, Trustsec Security Group
Name, Endpoint Profile Name, (profiling policy name), Posture Status, Audit Session ID, Acct Session IP
(In the RADIUS AV Pair, Last Update Time)

EndointProfileMetadataCapability- exposes the profiling policies in ISE. Any addition/deletion/update in
these policies are notified through this capability and provides the following attributes: id, namd, fully-qualified nam
aid/name/fully-qualified name

TrustsecMetadataCapability- exposes the Trustsec Security Groups metadata configured in ISE and provides the following attributes: Trustsec tag name, unique identifier, description and value

EndpointProtectionService- exposes the EPS quarantine/unquarantine APIs, otherwise known as Adaptive Networ Control (ANC) 1.0.

AdaptiveNetworkControl-exposes the Adaptive Network Control (ANC) 2.0 API, ANC Query. ANC query actions provide additional policy actions over the EndpointProtectionService.  These policy actions include quarantine, port-bounce, port-shut. Additional features such as ANC policy creation, deletion are availbale, retrieval of all ANC polices or by name.  Endpoint management features such as retreival of all endpoints by MAC address from all ANC policies or specific ones, assigning IP address to an ANC policy, clearing or unquarantining the endpoint. ANC 2.0 was added in ISE 2.0 and above.

In addition, Dynamic Topics, and publishing SXP bindings were added in ISE 2.0 and above.

Dynamic Topics allow for the sharing of contextual information can be shared between the registered/subscribed pxGrid clients. pxGrid clients can act as publisher or subscribers to publish or consume this information. Please note that ISE will not be able to consume this information.

Publish SXP Bindings enables subscribers to get receive IP, SGT-Tag, Source, Peer Sequence information

It is recommended to download the How-To pxGrid Testing and Configuration Guide to step through the sample code examples, to see what infromation is valuable to you and also for installing and configuring ISE.

When creating certificates in a testing environment, please see Using an External CA for Generating Certificates (for ISE version 2.0/2.1/2.2 and above)